Cyber Threat Workshop

August 19, 2021, 10:00 a.m. PST


Integrating Threat Intelligence in Real Life:
Apps, APIs, and Notebooks for Insights throughout the SOC

In this Cyber Threat Workshop, we will continue our Summer Camp Series by looking at easy ways to integrate and automate intelligence throughout your security operation. Too often, threat intelligence is irrelevant, stale, and hard for the rest of the security stack to make sense of. But when intelligence is connected to your real-world attack surface, it yields insights that are highly relevant (tied to your own digital footprint) and actionable (facts drawn from real-world observations).

Introduction: Internet Discovery and Graphing

  • Internet Graphing and History
  • Introduction to Datasets
  • Infrastructure Chaining and Pivoting
  • Threat and Adversary Mapping
  • Common Apps, APIs, and Notebooks

Pipe Relevant Threat Intelligence to Your Security Ecosystem

  • See an organization’s attack surface for relevant threats and exposures
  • Identify risks and vulnerabilities
  • Expand threat search from one to thousands
  • Identify relationships and related infrastructure, including depth indicators from certificates, banners, and NetFlow

Automate Monitoring, Watchlists, and Threat Tracking

  • Identify adversaries by finding fingerprints and threat indicators
  • See where and how threats become entangled with your attack surface
  • Track threats by expanding to preferred systems, like SIEM, SOAR, XDR, EDR, and even firewall rules

Our team of security experts will show how to leverage internet intelligence and smart graphing to pinpoint relationships within the global attack surface: you and others, good and bad, adversaries and allies. Once you can see and discover real-world threats, we will introduce the apps, APIs, and notebooks commonly used to speed up investigations and enrich existing security systems with up-to-the-moment threat intelligence. By leveraging continuous tracking, you will identify the threats most relevant to you and your attack surface, and quickly gain awareness by combining external intelligence with internal (network) telemetry.

Additionally, RiskIQ’s security pros will share how to identify adversary-threat infrastructure and specific scripts and queries you can deploy for even faster results and rapid response.

Finally, you will learn how to identify the extended scope of threats and remediate vulnerabilities exposed to global-scale attacks, using live observations of CVEs and their current exploitation in the wild.

Hands-on labs and exercises will show how to expose real-life malicious and/or risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface. In addition to improving your cyber threat skills, you get 2 CPE credits for attending.

WARNING: During this highly sensitive workshop, RiskIQ will share intelligence that has implications for the national security of the United States. As such, RiskIQ will not distribute recordings of this specific cyber threat workshop. You must be present to receive the threat intelligence resources, including threat actor tracking via related malicious infrastructure fingerprints.

Attend and Learn:

  • Introduction: Security Intelligence
  • Techniques for cyber threat analysis and management
  • How to leverage attack surface intelligence for faster threat investigations and response
  • Real-world use cases with hands-on exercises, labs, and investigations
  • Earn 2 CPE Credits

*Certificates of completion are distributed for attending the entire workshop.

Agenda

Time         Session
10:00 a.m.   Welcome and Introduction
               • Internet Graphing and History
               • Introduction to RiskIQ Datasets
               • Chaining Infrastructure to Find Relationships
               • Attack Surface Intelligence
               • Integrations with:
                 • Microsoft Sentinel (SOAR/SIEM)
                 • Microsoft Defender (EDR/XDR)
                 • Jupyter Notebooks (API Automation)
             Use Cases – Hands-On Exercises and Investigations
               • Using RiskIQ Illuminate, we'll show two paths for threat investigations. First, we will explore an active alert, requiring context, triage, and response insights. Second, we will practice strategic threat hunting by pivoting to build artifacts on adversaries and/or infrastructure of interest.
12:00 p.m.   Wrap up